Oracle 10gR2 AS installation with Infrastructure & Identity Management

1) Download 10gR2 Application Server software from http://download.oracle.com

2) Downloaded software is kept at /Stage/10gAS directory on AP008 server.

3) Login as “root” and create user “orainfra”. Assign DBA group to this user. Password assigned to this user is “orainfra1”.

4) Make the following entries in /etc/sysctl.conf file and run sysctl -p or reboot the server in order to make the changes effective.

    kernel.sem = 256 32000 100 142
    kernel.shmall = 2097152
    kernel.shmmax = 4294967295
    kernel.shmmni = 4096
    kernel.msgmax = 8192
    kernel.msgmnb = 65535
    kernel.msgmni = 2878
    fs.file-max = 206173
    net.ipv4.ip_local_port_range = 1024 65000
    net.core.rmem_default = 262144
    net.core.rmem_max = 262144
    net.core.wmem_default = 262144
    net.core.wmem_max = 262144
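A pre-install check for the step 4 values, which catches the SHMMAX warning described under step 6 before the installer is launched. This is an added example, not part of the original runbook: the function name check_sysctl is hypothetical, and treating each value as a minimum (exact match for the port range) is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original runbook.
# Required values copied from step 4. Mode "min" treats each listed field as a
# minimum; mode "eq" requires an exact match (both modes are assumptions).
REQUIRED='min kernel.sem 256 32000 100 142
min kernel.shmall 2097152
min kernel.shmmax 4294967295
min kernel.shmmni 4096
min kernel.msgmax 8192
min kernel.msgmnb 65535
min kernel.msgmni 2878
min fs.file-max 206173
eq net.ipv4.ip_local_port_range 1024 65000
min net.core.rmem_default 262144
min net.core.rmem_max 262144
min net.core.wmem_default 262144
min net.core.wmem_max 262144'

# check_sysctl [FILE]: print one line per parameter that is missing from FILE
# or does not meet REQUIRED; return non-zero if any line was printed.
check_sysctl() {
    printf '%s\n' "$REQUIRED" | awk -v conf="${1:-/etc/sysctl.conf}" '
    BEGIN {
        # Load "key = value" pairs; a later assignment of a key replaces an earlier one.
        while ((getline line < conf) > 0) {
            sub(/#.*/, "", line)
            p = index(line, "=")
            if (p == 0) continue
            key = substr(line, 1, p - 1); val = substr(line, p + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            have[key] = val
        }
    }
    {
        need = $3
        for (i = 4; i <= NF; i++) need = need " " $i
        if (!($2 in have)) { print $2 ": missing, need " need; bad = 1; next }
        n = split(have[$2], got, " ")
        for (i = 3; i <= NF; i++) {
            v = got[i - 2] + 0
            if (i - 2 > n || ($1 == "min" && v < $i + 0) || ($1 == "eq" && v != $i + 0)) {
                print $2 ": have " have[$2] ", need " need; bad = 1; break
            }
        }
    }
    END { exit bad + 0 }'
}
```

Run check_sysctl with no argument to test /etc/sysctl.conf on the server itself; it reads the file only and does not query the running kernel.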

5) Below mentioned packages must be installed on the server. Higher version of any of these packages will suffice for installation & running of SSO/OID.
    glibc-2.3.4-2.9
    glibc-common-2.3.4-2.9
    binutils-2.15.92.0.2-13
    compat-libstdc++-296-2.96-132.7.2
    compat-db-4.1.25-9
    gcc-3.4.3-22.1
    gcc-c++-3.4.3-22.1
    libstdc++-3.4.3-22.1
    libstdc++-devel-3.4.3-22.1
    openmotif21-2.1.30-11.RHEL4.4
    pdksh-5.2.14-30
    setarch-1.6-1
    make-3.80-5
    gnome-libs-1.4.1.2.90-44.1
    sysstat-5.0.5-1
    control-center-2.8.0-12
    xscreensaver-4.18-5.rhel4.2

6) Login as user “orainfra”, go to the directory /Stage/10gAS/disk1 and launch runInstaller. Unset environment variables “LESSOPEN” & “LS_COLORS”. Follow the screenshot below for selecting proper options.

    $ /Stage/10gAS/disk1/runInstaller

Warning was because it is looking for SHMMAX as 4 GB whereas it was defined as 2GB. Value changed to 4294967295 in /etc/sysctl.conf after the installation.

Password given is “infra123”.

Password given is “infra1”.

Hit retry button and it will succeed. This finishes installation of 10gR2 Oracle Infrastructure Server with SSO component.

7) Test Identity management infrastructure by accessing the URL:
• http://grrusap008.kv.com:7777/oiddas/
• Log in using the “orcladmin” userid and password as “infra1”.
• Navigate to Directory > Create.
• Create a test userid, supplying a password and other user information. Click Submit.
• Log out.
• Log into Oracle Internet Directory Delegated Administration Services using the newly created test userid.

8) Now configure SSO/OID for Microsoft Active Directory – To achieve this, an Active Directory account capable of reading user and group profiles must be established for use by OID DIP during the synchronization process. This may be accomplished through a variety of means, the easiest of which is to simply grant it Domain Admin privilege. Below is the detail used for OID/AD integration (as provided by KV):

    AD Server - grrusdc001.kv.com
    AD Port - 389
    Username - Svc-OIDAdmin@kv.com
    Password - Password1

9) The ability to connect to Active Directory with this account may be verified using the below mentioned command after login on to SSO/OID server as user “orainfra” and ensuring correct environment variables for the installation are set (running “infra.env” under $HOME of the user “orainfra”):

    ldapbind -p 389 -h grrusdc001.kv.com -D "Svc-OIDAdmin@kv.com" -w "Password1"

Above mentioned command should result in “Bind Successful”.

10) Synchronization profile creation: The first step in the configuration process is to create a synchronization profile. The instructions in this section are based on those that appear in the Oracle Identity Management Guide.
• Ensure the Directory Integration and Provisioning Platform Server is running. The command ps -ef | grep odi should show a process called $ORACLE_HOME/bin/odisrv running.

It can be invoked through the command line interface by executing the command “dipassistant -gui”.

Use vncviewer to login on AP008 server as user “orainfra” before launching dipassistant. A login window will appear – use orcladmin as the username, and provide its corresponding password (infra1). The Oracle Directory Integration and Provisioning Server Administrator console window will appear once login is complete.

11) Select Active Directory Configuration in the System Objects list on the left-hand side of the window. An Express Configuration form will appear on the right-hand side of the window. Enter below mentioned details on the right hand side window:

    Active Directory Host - grrusdc001.kv.com
    Active Directory Port - 389
    Account Name - Svc-OIDAdmin@kv.com
    Account Password - Password1
    Connector Name - KVADSync

Note that any Connector Name may be supplied. The Import Profile Name and Export Profile Name values are then generated based on that name. Click the Apply button once entries are complete.

12) Select Configuration Set1 in the System Objects list on the left-hand side of the window, and then click the Refresh button. Select the “Import” version of the newly-created profile (KVADSyncImport) on the right-hand side of the window and click the Edit button. A tabbed window will appear for the currently-selected profile. Verify the following:
• General tab – Be sure to change the Profile Status to ENABLE. The Scheduling Interval and Maximum Number of Retries values may be adjusted to determine the synchronization frequency and maximum number of retry errors before failure.
• Execution tab – The Active Directory account and password may be modified using the Connected Directory Account and Connected Directory Account Password, correspondingly.
• Status tab – This tab can be used to periodically monitor synchronization status after completing the instructions in this document.

Click the OK button to save any changes, and the window should then close. The Oracle Directory Integration and Provisioning Server Administrator console window may remain open during the remainder of these instructions.

13) Bootstrap Execution: The initial migration of data from AD to OID is known as a “bootstrap”. This is accomplished using the bootstrap option of the Directory Integration and Provisioning Assistant, which is detailed in the Bootstrapping Data between Directories section of the aforementioned Oracle Identity Management Integration Guide, Chapter 16. A command similar to the following may be used to initiate the bootstrap process:

    dipassistant bootstrap -port 389 -profile KVADSyncImport -D "cn=orcladmin" -w infra1

A series of messages will be displayed indicating the number of records processed. Once the bootstrap successfully completes, return to the Oracle Directory Integration and Provisioning Server Administrator console and click the Refresh button. Select and Edit the current profile, and then ensure the Status tab indicates bootstrap success.

NOTE: This command is placed in a file with name adsync.sh under $ORACLE_HOME. This script is also called (currently not scheduled to run) from the crontab of the user “orainfra”. One should run it if there is significant delay in AD-OID synchronization.
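Because the bootstrap command stored in adsync.sh carries the orcladmin password in its -w argument, the file's contents and permissions are worth checking wherever it is kept. The following is an added example, not part of the original runbook; audit_cred_script is a hypothetical helper name and the path in the usage note is the location the NOTE above gives.

```shell
#!/bin/sh
# Added example, not part of the original runbook. audit_cred_script is a
# hypothetical helper name.
#
# audit_cred_script FILE
#   Reports lines that pass a literal password after -w (line numbers only, so
#   the secret is not copied into logs) and whether group or other users can
#   read FILE. Returns non-zero if either finding is present.
audit_cred_script() {
    f=$1
    rc=0
    # -w followed by a bare or double-quoted token that is not a $variable,
    # as in: dipassistant bootstrap ... -w infra1
    hits=$(grep -n -E -e '(^|[[:space:]])-w[[:space:]]+"?[^[:space:]$"]' "$f" |
           cut -d: -f1 | paste -s -d, -)
    if [ -n "$hits" ]; then
        echo "inline -w password on line(s): $hits"
        rc=1
    fi
    # Mode bits 040 (group read) or 004 (other read) expose the embedded value.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "readable by group or other: $f"
        rc=1
    fi
    return $rc
}
```

For this installation the call would be audit_cred_script "$ORACLE_HOME/adsync.sh", run as “orainfra”.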

14) Active Directory External Authentication Plug-in Deployment: The final step in the configuration process is to deploy the Active Directory External authentication Plug-in, which validates user-supplied passwords with AD “behind the scenes” during a user login sequence. Detailed information about this process appears in the Installing Active Directory External Authentication Plug-ins section of the Oracle Identity Management Integration Guide, Chapter 16. This step involves execution of a UNIX shell script oidspadi.sh which can be found under $ORACLE_HOME/ldap/admin directory.

    $ cd $ORACLE_HOME/ldap/admin
    $ ./oidspadi.sh

A series of messages and prompts will be displayed as the script executes. Sample prompt responses:

    Please enter Active Directory host name: grrusdc001.kv.com
    Do you want to use SSL to connect to Active Directory? (y/n) n
    Please enter Active Directory port number [389]: 389
    Please enter DB connect string: infra
    Please enter ODS password: infra1
    Please enter confirmed ODS password: infra1
    Please enter OID host name: grrusap008.kv.com
    Please enter OID port number [389]: 389
    Please enter orcladmin password: infra1
    Please enter confirmed orcladmin password: infra1
    Please enter the subscriber common user search base [orclcommonusersearchbase]: cn=users,dc=kv,dc=com
    Please enter the Plug-in Request Group DN:
    Please enter the exception entry property [(!(objectclass=orcladuser))]:
    Do you want to setup the backup Active Directory for failover? (y/n) n

Return to the Oracle Directory Manager console upon successful completion of the plug-in deployment process and navigate to and click the Plug-In Management fork. Make sure that the Plug-in Enable property is set for both adwhencompare and adwhenbind.

15) Configure Oracle Identity Management 10g Components with E-Business Suite: Login on application tier server i.e. AP001 of the instance which needs to be enabled for SSO. Ensure that environment variables corresponding to the instance have been executed properly.

16) Go to $FND_TOP/bin directory of the instance and execute txkrun.pl script with below mentioned options:

    ./txkrun.pl -script=SetSSOReg -provisiontype=4

NOTE: Provisiontype 4 is “BiDiNoCreation Provisioning”. Since KV is using single Infrastructure repository for all the instances, we need to keep provisiontype to 4, otherwise when users are created in one E-Business Instance, it will be provisioned to OID. Therefore, creating same user in another instance will result in LDAP error as user is already present in OID.

The registration script will prompt for several parameters. Sample answers are below:

    Enter the host name where Oracle IAS Infrastructure database is installed? grrusap008.kv.com
    Enter the LDAP Port on Oracle Internet Directory server? 389
    Enter SSL LDAP Port on Oracle Internet Directory server? 636
    Enter the Oracle Internet Directory Administrator (orcladmin) Bind password? infra1
    Enter the instance password that you would like to register this application instance with? test123
    Enter Oracle E-Business apps database user password? Apps

17) When the registration script completes successfully, it will print the following line:

    End of <FND_TOP>/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

If you do not see this confirmation, examine the following file to investigate the problem:

    $APPLRGF/TXK/txkSetSSOReg_[timestamp].xml

18) Bounce the application tier of the instance which was configured for SSO.

19) Try log-in into the environment by hitting the URL (e.g. DEV URL): http://grrusap001-t.kv.com:8005/OA_HTML/AppsLogin

20) This should re-direct you to SSO Login page.

21) Enter username as your KV email address i.e. x.y@kv.com and password as your current LAN password.

22) Depending upon whether your E-Business Account is already linked with AD account, you will either be presented responsibility page of Oracle Applications OR the page which asks you to provide your Oracle Applications Username/Password for linking. Kindly note that account linking is “once per environment” activity. Once your AD account is linked with Oracle Applications account, users will be able to go to responsibility page directly after providing AD credentials.
